Support webserver caching

[tobyzerner]

• Set ETag and Last-Modified headers on response
• Compare If-Modified-Since header on request
• Return 304 Not Modified if not stale

See: http://whitequark.org/blog/2014/04/05/page-caching-with-nginx/ http://apidock.com/rails/ActionController/ConditionalGet/stale%3F

Trying to think of the best way to do this... I guess on Api\AbstractSerializeController we can have some kind of method that returns an etag/last modified timestamp which the handle method checks and returns the appropriate response. Then our subclass controllers can override that method to provide appropriate data.

[ghost]

After running into this issue today: flarum/framework#985

I'm permanently disabling Nginx cache in favor of Varnish for the API System.

Viewing the api docs it appears the best approach is to start by issuing a http purge request for every unsafe API call.

So for example:

POST /api/discussions - create a new discussion
PATCH /api/discussions/:id - update a discussion
DELETE /api/discussions/:id - delete a discussion

Would need generate a http purge upstream to varnish. This would be filtered through the VCL and expire the GET /api/discussions/:id - get a discussion by ID

@franzliedke mentioned doing away with the purge request altogether, by creating a rule to purge GET every time an unsafe request is made by a user. Could this work out? I think so, but what about the times when a request passes through Varnish, expiring some cache but the request isn't successful at the webapp? It would at least be an inefficiency, though wouldn't be likely to occur often. Could this lack of validation from the webapp cause any other issues?

This is a starting point, but what to do with objects that are shared outside this request? The next step appears to be utilizing the BAN function though to be entirely honest I'm not sure exactly how this would work.

See here for suggestions.

The gist is that there's at least a couple ways to go about getting varnish to know which objects in a request are shared and on which other pages. This gets fed back to a regex BANrule.

Going this route is more complicated than nginx, but more specific, and the safe way to cache dynamic content when the full page contains a mix of public/private data.

[luceos]

@webeindustry was this issue created to support caching on the hosting services?

[BartVB]

Would be great if this was implemented in a cache agnostic way. I.e. don't depend on custom VCL in Varnish but use proper PURGE requests to update the cache(s) where needed and make sure that you can send a 304 really quickly.

[dav-is]

Caching in Flarum is very difficult to implement if not impossible because of the way the api data is structured. Each api response includes user data about permissions, etc. We tried and failed.

[BartVB]

Even for guests? Guest visits are easiest to cache and also the most effective.

[ghost]

Yes, even for guests. Have at it. It's a time waster as it's currently coded.

[tobyzerner]

@dav-is @webeindustry what are the specific problems prevent guest caching from being feasible?

[ghost]

Sorry I've been out of town it seems my memory is off on this one that was a while ago now. @dav-is told me we didn't really have an issue with guest cache, but got so bummed that logged in sessions were a fail we scraped the whole idea until a better solution was implemented.

[dav-is]

The issue being permissions and read status are sent with every logged in api Request

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. We do this to keep the amount of open issues to a manageable minimum. In any case, thanks for taking an interest in this software and contributing by opening the issue in the first place!

[BartVB]

The issue being permissions and read status are sent with every logged in api Request

This shouldn't be a problem for requests from guests?

I think this issue should be split into several parts:

• Send proper 304s (should be possible for both guests and logged in users)
• Send headers to make implementing a reverse proxy (or other caching) feasible (for example Cache-Control: public
• See if it's possible/feasible to cache data for registered users